From 67bcbb0c3416e2f42f013edf7b5672c696a822e0 Mon Sep 17 00:00:00 2001
From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 7 Oct 2021 14:23:31 +0200
Subject: [PATCH] dnsdist: Add #10157 to the upgrade guide and the 1.7.0-alpha1
 ChangeLog

As suggested by Denis Machard on the mailing-list (thanks!).
---
 pdns/dnsdistdist/docs/changelog.rst     | 7 +++++++
 pdns/dnsdistdist/docs/upgrade_guide.rst | 2 ++
 2 files changed, 9 insertions(+)

diff --git a/pdns/dnsdistdist/docs/changelog.rst b/pdns/dnsdistdist/docs/changelog.rst
index ecc9109abd..a00426d25f 100644
--- a/pdns/dnsdistdist/docs/changelog.rst
+++ b/pdns/dnsdistdist/docs/changelog.rst
@@ -5,6 +5,13 @@ Changelog
   :version: 1.7.0-alpha1
   :released: 23rd of September 2021
 
+  .. change::
+    :tags: Improvements
+    :pullreq: 10157
+    :tickets: 7937
+
+    Move to hashed passwords for the web interface
+
  .. change::
     :tags: Improvements
     :pullreq: 10381
diff --git a/pdns/dnsdistdist/docs/upgrade_guide.rst b/pdns/dnsdistdist/docs/upgrade_guide.rst
index a770666287..eb00fffddc 100644
--- a/pdns/dnsdistdist/docs/upgrade_guide.rst
+++ b/pdns/dnsdistdist/docs/upgrade_guide.rst
@@ -10,6 +10,8 @@ Truncated responses received over UDP for DoH clients will now be retried over T
 
 Unless set via :func:`setMaxTCPClientThreads` the number of TCP workers now defaults to 10, instead of the number of TCP binds.
 
+Plain-text API keys and passwords for web server authentication are now strongly discouraged. The :func:`hashPassword` method can be used to generate a hashed and salted version of passwords and API keys instead, so that the plain-text version can no longer be found in either the configuration file or the memory of the running process.
+
 1.5.x to 1.6.0
 --------------
 
-- 
2.47.2